The present invention relates to the protected storage of data from message traffic. Said message traffic may comprise a call between two or more individuals who each make use of a telephone or other communication appliance. The data may, however, also be derived from a communication which is recorded by a user of a telephone on a tape of another individual. Finally, the data may be derived from completely digital message traffic which takes place between two or more automatically functioning appliances which exchange data without direct intervention of individuals.
The International Patent Application WO/A-96/10314 describes a method and a device for communicating between two telecommunication appliances, for example fax machines or telephones. Use for E-mail is also claimed. Said patent application proceeds from the problem that message traffic between two telecommunication appliances has sometimes to be certified so that it can later be proved that the respective message traffic has taken place on a certain date and at a certain time. The device is provided with a matrix switch which is arranged between the two mutually communicating telecommunication appliances. With the aid of the matrix switch, a three-party call can be organized between the two telecommunication appliances and certification means. To that end, one of the parties makes a request that will be handled by the matrix switch. After such a three-party call has been set up, the contents of the message traffic will also be passed to the certification means, where the contents are provided with delivery attributes. Such delivery attributes may comprise the telephone number of the telecommunication appliances, the date and the time. The certification means ensure that the contents of the message traffic are provided with such attributes and then despatched to the individual who has involved the service. This takes place in the form of, for example, paper copies of the contents of the message traffic to which the attributes have been attached. Such papers are then despatched to the individual who has involved the service via the normal post.
A disadvantage of the known device and the service thereby provided is that no measures have been taken for the reliable protection of the contents of the message traffic. There are too many ways of subsequently manipulating the contents of the message traffic or the attributes. If paper copies of the contents of the message traffic have later to serve as evidence, declarations made under oath by employees of, for example, the certification means will therefore still be necessary.
U.S. Pat. No. 5,629,982 discloses a method of transmitting and receiving messages between two or more parties via an electronic communication route. The object of this known method is to arrange for the communication to proceed in such a way that all the parties are certain of the actions taken. After the communication has ended, each sender of a message is certain that the recipient has received the message, while the recipient is certain that he has received the correct message. The method described may be used, for example, in the electronic conclusion of a contract, in which both parties wish to receive a copy, xe2x80x9csignedxe2x80x9d by the other party, more or less at the same time. For this purpose, the method makes use of a reliable third party (xe2x80x9ctrusted third partyxe2x80x9d). In this connection, said reliable third party is an intermediary between the communicating parties and interrupts the direct communication between the parties. For messages of short duration this may be a good option, but for calls of longer duration or message traffic of longer duration, indirect communication is impractical. In addition, said U.S. patent specification does not relate to safe storage of calls or messages, for example with a date/time stamp.
The company VoiceLog LLC, 9509 Hanover South Trail, Charlotte, N.C. 28210, offers via the Internet (www.voicelog.comm) a service for the automatic storage of the contents of a call. The call takes place between two parties, the VoiceLog system being added as third party in a three-party conference call. The VoiceLog system can be added in this way by both of the two parties. The VoiceLog system provides the individual involving the service with a unique record ID number which is a reference to the memory location within the VoiceLog system where the contents of the call are stored and where the contents can therefore be retrieved again later. The individual involving the service provides the system with an authorization code with which he has to identify himself later in order to be able to request the contents. A disadvantage of the known system is that the use of a conference call is necessary for this purpose, which is more expensive than a normal call. A further disadvantage is that only the identity of the individual involving the service is recorded and not that of the other party. In addition, the individual involving the service can later acquire access to the contents of the call and has the possibility of altering the contents subsequently, which is often undesirable. Finally, it is not ensured that the contents of the call are not accessible later for the VoiceLog system.
U.S. Pat. No. 5,136,643 describes a method and a device for applying a digital date/time stamp to a digital document. Making use of a xe2x80x9cdigital notaryxe2x80x9d is dismissed in said document as impractical. A device is described with which an owner of a digital document can apply the desired date/time stamp himself. The device itself is attacker-proof insofar as any attempt to manipulate the clock present in it will not remain unnoticed because of the physical damage to the device necessary for that purpose. The method described for applying the digital date/time stamp makes use of known elements, such as the generation of random numbers, secret private keys, public keys, digital signatures, the creation of a xe2x80x9chashxe2x80x9d of a document to be stamped (in U.S. Pat. No. 5,136,643, a xe2x80x9chashxe2x80x9d is defined as a unidirectional coding with a fixed length of the document), etc. The device and method described do not relate to protected storage with date/time stamp of electronic calls between two or more callers.
Various publications relate to the provision of a date/time stamp on a document which occupies a certain position in a series, for example diary entries or entries in a laboratory logbook. In this connection, it is important that the date and time of the entries are recorded unambiguously and that they cannot be altered unnoticed. Systems and procedures for this purpose are described, for example, in U.S. Pat. No. 5,189,700 and U.S. Pat. No. 5,347,579. With the aid of cryptographic procedures, including digital signatures, private keys, public keys, the calculation of a xe2x80x9chashxe2x80x9d of the document to be provided with a stamp, the desired data, including the author of the document, the date/time, the document and an ID of the appliance which has applied the stamp are recorded.
A method of identifying a user of a system with the aid of a voice password check is disclosed, for example, in EP-A-0,444,351.
The object of the present invention is the incontestable and reliable recording of the contents of message traffic with authentication of either the participants in the message traffic which takes place via a telecommunication link or of one or more of the respective communication appliances used.
A further object of the invention is that such recorded message traffic cannot be played back later by individuals other than the parties without the collaboration and agreement of at least one of the parties. In addition, an object is to ensure that the recorded contents cannot be altered later.
To fulfil said object, the invention relates to a method for protected storage of data from message traffic taking place between at least two communication appliances, comprising the following steps:
a. the setting-up of a telecommunication link between at least a first communication appliance and a second communication appliance;
b. the setting-up of a monitoring link between the telecommunication link and telecommunication means of a third party;
c. the storage of a first identity of either a first user of the first communication appliance or of the first communication appliance and a second identity of either a second user of the second communication appliance or of the second communication appliance by the telecommunication means of the third party;
d. the storage of the data despatched via the telecommunication link by the telecommunication means of the third party,
characterized in that the following steps are carried out:
e. the encipherment of the data prior to the storage in step d. using a symmetrical conversation key;
f. the storage of the conversation key enciphered using public keys of the users by the telecommunication means of the third party;
g. the signing of data stored using the symmetrical conversation key and also of the stored first and second identities by the telecommunication means of the third party.
In the method defined above, xe2x80x9cmonitoring linkxe2x80x9d must be interpreted in such a way that the telecommunication means of the third party are capable of receiving the data from the message traffic between the first and second communication appliances. Said data from the message traffic are stored in enciphered form using a symmetrical conversation key, as defined in point d.
The encipherment using such a symmetrical conversion key can be carried out in a first embodiment by the telecommunication means of the third party. In an alternative method, the data from the message traffic are, however, already enciphered using the symmetrical conversion key by the communication appliances participating in the call themselves. In this latter option, although the telecommunication means of the third party can therefore xe2x80x9cmonitorxe2x80x9d, but said means can themselves never gain access to the data because the data are despatched back and forth only in enciphered form using the symmetrical conversion key via the telecommunication link set up. This option therefore gives added protection against unauthorized xe2x80x9cmonitoringxe2x80x9d. Of course, this option does require some intelligence in the communication appliances used because they have to be capable of bringing about said encipherment using such a symmetrical conversation key.
Under point c. above, it is stated that either the identities of the participants in the call or the identities of the communication appliances participating in the call are stored in enciphered form. The identification of the participants in the call gives, of course, a higher degree of security than the recording of the identity of the communication appliances used.
Moreover, it is defined under point e. above, that the data despatched during the message traffic are enciphered prior to the storage using a symmetrical conversation key. Said symmetrical conversation key will have to be as unique as possible for the stored call. As defined under point f., the symmetrical conversation key associated with every call will be stored in enciphered form using public keys of the users after termination of the call itself. This measure provides the guarantee that only the participants in the call are able to play back the contents of the stored call later.
Under point g. it is specified that, after termination of the call, all the stored data are signed by the telecommunication means of the third party. The third party is therefore a party trusted by all the participants in the call who exercises the function of a notary with an authenticated signature. The measures specified under g. prevent anyone from being able to alter the contents of the stored data later.
In an alternative embodiment, the method is characterized by the following steps:
cxe2x80x2. in step c., the date and the time of the message traffic are in addition stored in enciphered form;
gxe2x80x2. in step g., the enciphered stored date and time are in addition signed by the telecommunication means.
The addition of the date and the time at which the message traffic takes place to the enciphered stored data is desirable in many cases in order to be able to prove later when the call took place.
In order to reduce the amount of stored data, in a further embodiment, in step g., a hash can be generated by the telecommunication means over the data stored with a symmetrical conversation key and also the first and second identities stored in enciphered form, after which the hash is signed by the telecommunication means. Within the scope of the present invention, a hash is defined as follows:
A hash function h is a function which calculates for any digital file (or message or text) M, a shorter digital hash code h(M) (possibly of predetermined length), to which the following apply:
Given the message M, the hash code h(M) is simple to calculate.
Given a hash code hxe2x80x2, it is virtually impossible to find, within a reasonable time a message M which is such that h(M)=hxe2x80x2.
Given a message M, it is virtually impossible to find, within a reasonable time, a message Mxe2x80x2 which is such that the hash code for M is equal to that of Mxe2x80x2.
In the case where the date and the time are also stored, such a hash will also extend over the date and the time.
In order to increase the degree of protected storage still further, the method is characterized in a further embodiment by the following further step:
h. the signing by the at least first communication appliance and second communication appliance with private keys of the data stored using the symmetrical conversation key and also of the first and second identities stored in enciphered form, after which the telecommunication means of the third party stores all of the data thus signed.
In this connection, it is pointed out that the private key is associated with a user as an individual or with a device used, for example a chip card.
In step h., too a hash can first of all be generated by the telecommunication means over the data stored using the symmetrical conversation key and also the first and second identities stored in enciphered form, after which the hash is signed by the at least first and second communication appliances using the private keys.
Similar measures can also be taken if the date and time are stored in enciphered form.
In the case where the communication appliances themselves already communicate with one another with data enciphered by themselves using a symmetrical conversation key, the symmetrical conversation key, after having been enciphered using public keys of the users, is despatched, prior to step f. defined above from the first and second communication appliances to the telecommunication means of the third party.
As stated above, in a further embodiment, the telecommunication means will only provide access to any of the stored data to any user who identifies himself in the correct manner. Identification may take place by means of a private key, speaker verification, access code, etc. Biometric signals can also be used for identification of individuals.
The invention furthermore relates to processor means which are equipped to:
a. set up a telecommunication link between at least a first communication appliance and a second communication appliance;
b. set up a monitoring link between the telecommunication link and the processor means;
c. store a first identity of either a first user of the first communication appliance or of the first communication appliance and a second identity of either a second user of the second communication appliance or of the second communication appliance;
d. store data despatched via the telecommunication link,
characterized in that the processor means are also equipped to:
e. encipher the data using a symmetrical conversation key prior to the storage in step d.;
f. store the conversation key enciphered using public keys of the users;
g. sign the data stored using the symmetrical conversation key as well as the stored first and second identities.